25 High Profile Enterprise Information Security Breaches
No Industry Seems to Be Safe from Ransomware
Thus many sectors have implemented required governance and awareness training throughout their organizations. As time moves forward, more industries will implement proactive strategies to minimize vulnerabilities at their sites and reduce data breaches.
Everyone from entertainment to critical infrastructure is a target
Since very few attacks have the same targets or tactics, it is difficult to rank them by impact. Who decides what is more impactful? Is impact determined by loss of access to data and services? Or by the loss of confidentiality of Personally Identifiable Information (PII) or Personal Health Information (PHI)? Or is it determined by irreparable harm to critical infrastructure and hardware? We could not decide either. Here is a list of some of the most prominent information security breaches since 2008.
- Heartland Payment Systems (2008) – Heartland Payment Systems suffered an attack that resulted in a breach of critical customer payment information. The resulting fallout cost the company over $200 million, and the enterprise lost its PCI-DSS compliance status.
- Sony (2011) – Account information of 77 million PlayStation Network users was stolen after a prolonged (23 days) DDoS (Distributed Denial of Service) attack against Sony’s network infrastructure.
- Adobe (2013) – Encrypted credit card information and user passwords were stolen from over 150 million Adobe customers.
- Target (2013) – Criminals stole nearly 40 million unique credit card numbers and 70 million account records from Target customers in an attack during the 2013 holiday season.
- Yahoo (2013) – Account details and security questions of nearly 3 billion accounts were compromised.
- Anthem (2015) – Anthem’s internal servers were compromised, resulting in the disclosure of medical information / PII of over 78 million individuals.
- River City Media (2017) – The email marketing group River City Media misconfigured its backup databases. This misconfiguration resulted in unsecured public access to over 1.34 billion of its email records.
- Under Armour (2017) – Account information of nearly 150 million users was stolen via a breach of the MyFitnessPal nutrition app. Weak and incorrect hashing algorithms allowed the attackers to crack the stolen user passwords.
- Equifax (2017) – Credit information (credit card numbers, driver’s license numbers, Social Security numbers, etc.) of nearly half of all Americans (147.9 million) was compromised when attackers gained access to Equifax internal servers.
- Veeam (2018) – An exposed database that contained over 200 gigabytes of sensitive customer information resulted in the theft of over 440 million email addresses.
- Facebook (2019) – An unsecured internal Facebook application leaked the personal information of over 500 million users.
- Capital One (2019) – Personal information of over 100 million credit applicants was disclosed as a result of a successful breach conducted by a single attacker.
- GoDaddy (2020) – Unauthorized access to a GoDaddy-managed WordPress application resulted in the theft of over 1.2 million individuals' account information.
- TikTok (2020) – An unsecured database led to unauthorized third-party access to private account information of roughly 235 million social media profiles.
- SolarWinds (2020) – The 2020 supply chain attack on SolarWinds infrastructure resulted in the downstream compromise of multiple critical US governmental entities (Dept. of Treasury, Commerce, Defense, Energy, etc.). The attack was attributed to the Russian government. The extent of fallout from the attack is still being determined.
- LinkedIn (2021) – Data scraped from an unsecured API affected nearly 700 million users.
- CAM4 (2021) – The adult media platform CAM4 exposed nearly 7 terabytes worth of data containing roughly 11 billion records (emails/passwords).
- CNA Financial (2021) – The financial company paid a $40 million ransom after their infrastructure was crippled by ransomware.
- Alibaba (2021) – 1.1 billion instances of personal information were scraped with the help of malicious insiders.
- Colonial Pipeline (2021) – Fell victim to an attack by the ransomware group DarkSide. Colonial paid the demanded ransom, but the fallout still led to widespread panic about fuel prices/availability on the East Coast.
- JBS (2021) – The meatpacking company JBS was the victim of a ransomware attack by the criminal group REvil. The organization ended up paying the demanded $11 million ransom.
- T-Mobile (2021) – Weak security measures led to the compromise of sensitive information (names, addresses, Social Security numbers, driver’s licenses, IMEI and IMSI numbers, and ID information) on nearly 50 million current and prospective T-Mobile customers.
- Kronos (2021) – The payroll company Kronos suffered a ransomware attack that resulted in service outages and theft of critical information. Customer and employee PII was stolen, as well as critical UKG intellectual property.
- Kaseya (2021) – A supply chain attack on the IT service provider Kaseya resulted in the downstream compromise of 800-1500 Kaseya-managed customer environments.
If this could happen to these billion-dollar companies, then it could happen to small and medium-sized companies as well.